#!/bin/bash
# OpenMPTCProuter VPS service script

_multipath() {
	# Force multipath status
	source /etc/shorewall/params.net
	for intf in `ls -1 /sys/class/net`; do
		if [ "$intf" != "bonding_masters" ]; then
			if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then
				[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on >/dev/null 2>&1
				[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
					multipath $intf signal >/dev/null 2>&1
					ip mptcp limits set subflows 8 add_addr_accepted 8 >/dev/null 2>&1
				}
			else
				[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off >/dev/null 2>&1
			fi
		fi
	done
}

_glorytun_udp() {
	#if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then
	if systemctl list-unit-files glorytun-udp@.service >/dev/null; then
		[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
			logger -t "OMR-Service" "Restart Glorytun-UDP"
			systemctl -q restart 'glorytun-udp@*'
			sleep 10
		}
		if [ -z "$(pgrep post.sh)" ]; then
			for intf in /etc/glorytun-udp/tun*; do
				[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf} &
			done
			#ip link set mtu 9000 dev gt-udp-tun0 >/dev/null 2>&1
		fi
	fi
}

_glorytun_tcp() {
	#if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
	if systemctl list-unit-files glorytun-tcp@.service >/dev/null; then
		for intf in /etc/glorytun-tcp/tun*; do
			[ "$(echo $intf | grep key)" = "" ] && timeout 10 /etc/glorytun-tcp/post.sh ${intf}
		done
		if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
			localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
			[ -z "$localip" ] && localip="10.255.255.1"
			remoteip="$(echo $localip | sed 's/\.1/\.2/')"
			if [ "$(ping -c 3 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
				logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
				systemctl restart glorytun-tcp@tun0
				sleep 10
			fi
		fi
		#ip link set mtu 9000 dev gt-tun0 >/dev/null 2>&1
	fi
}

_dsvpn() {
	#if [ -n "$(systemctl -a | grep 'dsvpn')" ]; then
	if systemctl list-unit-files dsvpn-server@.service >/dev/null; then
		[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1
		if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then
			localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)"
			[ -z "$localip" ] && localip="10.255.251.1"
			remoteip="$(echo $localip | sed 's/\.1/\.2/')"
			if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
				logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
				systemctl restart dsvpn-server@dsvpn0
			fi
			#ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1
		fi
	fi
}

_softethervpn() {
	if systemctl list-unit-files softether-vpnserver.service >/dev/null; then
		if [ -z "$(ip a show dev tap_softether | grep '10.255.210.1')" ]; then
			ip a add 10.255.210.1/24 dev tap_softether >/dev/null 2>&1
			ip link set promisc on tap_softether >/dev/null 2>&1
		fi
	fi
}

_shadowsocks() {
	if systemctl list-unit-files shadowsocks-libev-manager@.service >/dev/null; then
		[ -z "$(pgrep ss-server)" ] && {
			logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev"
			systemctl restart shadowsocks-libev-manager@manager
		}
	fi
}

_shadowsocks_go() {
	if systemctl list-unit-files shadowsocks-go.service >/dev/null; then
		[ -z "$(pgrep shadowsocks-go)" ] && {
			logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go"
			systemctl restart shadowsocks-go
		}
	fi
}

_xray() {
	if systemctl list-unit-files xray.service >/dev/null; then
		[ -z "$(pgrep xray)" ] && {
			logger -t "OMR-Service" "xray not detected, restart XRay"
			systemctl restart xray
		}
	fi
}

_v2ray() {
	if systemctl list-unit-files v2ray.service >/dev/null; then
		[ -z "$(pgrep v2ray)" ] && {
			logger -t "OMR-Service" "ss-server not detected, restart V2Ray"
			systemctl restart v2ray
		}
	fi
}

_wireguard() {
	#if [ -n "$(systemctl -a | grep 'wg')" ]; then
	if systemctl list-unit-files wg-quick@.service >/dev/null; then
		[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1
		[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 >/dev/null 2>&1
	fi
}


_omr_api() {
	[ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
		logger -t "OMR-Service" "Can't contact API, restart OMR-Admin"
		systemctl -q restart omr-admin
	}
}

_lan_route() {
	jq -c '.users[0][]?' /etc/openmptcprouter-vps-admin/omr-admin-config.json |
	while IFS=$"\n" read -r c; do
		if [ -n "$c" ]; then
			vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
			username=$(echo "$c" | jq -r '.username')
			if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
				echo "$c" | jq -c -r '.lanips[]? //empty' | 
				while IFS=$"\n" read -r d; do
					if [ "$d" != "" ]; then
						network=$(ipcalc -n $d | grep Network | awk '{print $2}')
						networkonly=$(ipcalc -n $d | grep Network | awk '{print $2}' | cut -d/ -f1)
						netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}')
						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1
						[ -n "$networkonly" ] && [ -n "$netmask" ] && ([ ! -f /etc/openvpn/ccd/${username} ] || [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ]) && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username}
					fi
				done
			fi
		fi
	done
}

_gre_tunnels() {
	. "$(readlink -f "/etc/shorewall/params.vpn")"
	if [ -n "$OMR_ADDR" ]; then
		for intf in /etc/openmptcprouter-vps-admin/intf/*; do
			if [ -f "$intf" ]; then
				. "$(readlink -f "$intf")"
				iface="$(basename $intf)"
				if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
					[ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface >/dev/null 2>&1
					ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR >/dev/null 2>&1
					ip link set $iface up >/dev/null 2>&1
					ip addr add $LOCALIP dev $iface >/dev/null 2>&1
					ip route add $NETWORK dev $iface >/dev/null 2>&1
				fi
			fi
		done
	fi
}

_openvpn_bonding() {
	if [ "$(ip link show ovpnbonding1 2>/dev/null)" != "" ] && ([ "$(ip link show ovpnbonding1 2>/dev/null | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding 2>/dev/null | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
		echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1
		ip link set ovpnbonding1 master omr-bonding >/dev/null 2>&1
		ip link set ovpnbonding1 up >/dev/null 2>&1
		ip link set ovpnbonding2 master omr-bonding >/dev/null 2>&1
		ip link set ovpnbonding2 up >/dev/null 2>&1
		ip link set ovpnbonding3 master omr-bonding >/dev/null 2>&1
		ip link set ovpnbonding3 up >/dev/null 2>&1
		ip link set ovpnbonding4 master omr-bonding >/dev/null 2>&1
		ip link set ovpnbonding4 up >/dev/null 2>&1
		ip link set ovpnbonding5 master omr-bonding >/dev/null 2>&1
		ip link set ovpnbonding5 up >/dev/null 2>&1
		ip link set ovpnbonding6 master omr-bonding >/dev/null 2>&1
		ip link set ovpnbonding6 up >/dev/null 2>&1
		ip link set ovpnbonding7 master omr-bonding >/dev/null 2>&1
		ip link set ovpnbonding7 up >/dev/null 2>&1
		ip link set ovpnbonding8 master omr-bonding >/dev/null 2>&1
		ip link set ovpnbonding8 up >/dev/null 2>&1
		ip link set omr-bonding up mtu 1440 >/dev/null 2>&1
		ip a add 10.255.248.1 dev omr-bonding >/dev/null 2>&1
		ip r add 10.255.248.0/24 dev omr-bonding >/dev/null 2>&1
		ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 >/dev/null 2>&1
	fi
}

_vpn1() {
	vpn1route=$(ip r show dev vpn1 2>/dev/null | grep '0.0.0.0')
	[ -z "$vpn1route" ] && vpn1route=$(ip r show dev vpn1 2>/dev/null | grep 'default')
	if [ -n "$vpn1route" ]; then
		ip r del $vpn1route
		vpn1gw="$(echo \"$vpn1route\" | awk '{ print $3 }')"
		ip r a default via $vpngw dev vpn1 table 991337
		for route in $(ip r show dev vpn1); do
			ip r a $route table 991337
		done
	fi
}

sysctl -p /etc/sysctl.d/90-shadowsocks.conf >/dev/null 2>&1
modprobe bonding >/dev/null 2>&1
ip link add omr-bonding type bond >/dev/null 2>&1
#[ -n "$(uname -r | grep '6.1')" ] && {
#	stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 &
#}

gre_tunnels="$(jq -c '.gre_tunnels' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"
lan_routes="$(jq -c '.lan_routes' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"

while true; do
	_glorytun_udp
	_glorytun_tcp
	_shadowsocks
	_shadowsocks_go
	_xray
	_v2ray
	_dsvpn
	_softethervpn
	_wireguard
	_multipath
	_omr_api
	[ "$lan_routes" != "false" ] && _lan_route
	[ "$gre_tunnels" != "false" ] && _gre_tunnels
	_openvpn_bonding
	_vpn1
	sleep 30
done
